- Type: Task
- Resolution: Done
- Priority: Medium
- Affects Version/s: None
- FLW Sprint 37, FLW Sprint 38, FLW Sprint 39, FLW Sprint 40, FLW Sprint 41, FLW Sprint 42
- FLW Mobile App
- All

Sensitive fields allow copying to clipboard.
Impact:
Clipboard can be accessed by any other app, risking data leakage.

| Vulnerability Name | Vulnerable URL | CVE/CWE | CVSS Score | Overall Risk (Severity) | Observation / Description | Impact | Recommendation | Reference | Steps to reproduce |
| --- | --- | --- | --- | --- | --- | --- | --- | --- | --- |
| Android Application | Copy Paste Buffer | CWE-200 | 2.8 | Low | Allowing users to copy and paste content from a website is a standard browser behavior and is not inherently a security vulnerability. However, it can become a concern if it facilitates the unauthorized copying of sensitive or confidential information. | Data Leakage: Users may copy and share sensitive or confidential information from the website, potentially compromising the confidentiality of the data. Intellectual Property Risk: If the website contains proprietary content or intellectual property, enabling copy and paste could increase the risk of unauthorized access and theft of these assets. | Disable the Copy / Paste mechanism on sensitive parameters. | https://www.tutorialspoint.com/How-to-disable-copy-content-function-using-jQuery | Step 1: During security assessment, we utilized the application and we observed that the copy-paste mechanism was permitted on sensitive input parameters. |
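
One way to apply the recommendation in a native Android screen, added here as an example and not taken from the FLW Mobile App code base. It assumes Kotlin, AndroidX AppCompat, and a minSdk of 23 or higher; the class name `NoClipboardEditText` is hypothetical. The linked reference covers jQuery in a web page, so the Android view needs its own control:

```kotlin
import android.content.Context
import android.util.AttributeSet
import android.view.ActionMode
import android.view.Menu
import android.view.MenuItem
import androidx.appcompat.widget.AppCompatEditText

// Hypothetical widget: use it in layouts in place of EditText for sensitive fields.
class NoClipboardEditText(
    context: Context,
    attrs: AttributeSet? = null
) : AppCompatEditText(context, attrs) {

    // Returning false from onCreateActionMode stops the floating
    // Cut / Copy / Paste / Share toolbar from being shown.
    private val blockActionMode = object : ActionMode.Callback {
        override fun onCreateActionMode(mode: ActionMode, menu: Menu): Boolean = false
        override fun onPrepareActionMode(mode: ActionMode, menu: Menu): Boolean = false
        override fun onActionItemClicked(mode: ActionMode, item: MenuItem): Boolean = false
        override fun onDestroyActionMode(mode: ActionMode) = Unit
    }

    init {
        // No long-press selection on this field.
        isLongClickable = false
        // Toolbar shown when text is selected.
        customSelectionActionModeCallback = blockActionMode
        // Toolbar shown when the cursor handle is tapped (API 23+).
        customInsertionActionModeCallback = blockActionMode
    }

    // Hardware-keyboard shortcuts (Ctrl+C / Ctrl+X / Ctrl+V) are dispatched
    // through this method as well, so the clipboard actions are refused here
    // even when no toolbar is visible.
    override fun onTextContextMenuItem(id: Int): Boolean = when (id) {
        android.R.id.copy,
        android.R.id.cut,
        android.R.id.paste,
        android.R.id.pasteAsPlainText,
        android.R.id.shareText -> false
        else -> super.onTextContextMenuItem(id)
    }
}
```

A retest can repeat Step 1 against each sensitive field, with both long-press and a hardware keyboard, and confirm that nothing from the field reaches the clipboard.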